This IRP spans four converging threat clusters: a critical actively-exploited zero-day in Palo Alto PAN-OS (CVE-2026-0300) with confirmed state-sponsored post-exploitation and Active Directory credential harvesting; a trio of hardware and software supply chain threats including nation-state hardware backdoors in critical infrastructure, a kernel-level sabotage framework, and a DPRK macOS campaign targeting cryptocurrency firms; and two credential-theft campaigns – an AiTM phishing operation bypassing TOTP MFA on ManageWP and a VoidStealer infostealer neutralizing Chrome’s App-Bound Encryption. Secondary threats include AI-accelerated vulnerability exploitation reshaping patch prioritization economics, organized TOAD callback phishing infrastructure abusing VoIP providers, and patch-required vulnerabilities in Cisco IoT FND and Apache Thrift on CBL-Mariner. Immediate action is required on CVE-2026-0300 (patches not fully available until May 28, 2026) and hardware supply chain exposure in critical infrastructure; credential protection architecture requires urgent reassessment across all scenarios.